Cyber Resilience

CVE-2026-1361

High

Published: 27 January 2026

Published
27 January 2026
Modified
17 February 2026
KEV Added
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0053 40.8th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-1361 is a high-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Deltaww Asda Soft. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked at the 40.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-1361 is a stack-based buffer overflow vulnerability in ASDA-Soft, published on 2026-01-27. It is linked to CWE-121 (stack-based buffer overflow) and CWE-787 (out-of-bounds write), with a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

A local attacker with no privileges can exploit this vulnerability, though it requires user interaction. Successful exploitation enables high-impact consequences, including unauthorized access to sensitive data, modification of system integrity, and disruption of availability.

Delta's security advisory PCSA-2026-00003 provides details on mitigation, available at https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2026-00003_ASDA-Soft%20Stack-based%20Buffer%20Overflow%20Vulnerability%20(CVE-2026-1361).pdf.

EU & UK References

Vulnerability details

ASDA-Soft Stack-based Buffer Overflow Vulnerability

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1203 Exploitation for Client Execution Execution
Adversaries may exploit software vulnerabilities in client applications to execute code.
T1204.002 Malicious File Execution
An adversary may rely upon a user opening a malicious file in order to gain execution.
Why these techniques?

Stack-based buffer overflow in client-side industrial software (ASDA-Soft) with UI:R and local attack vector directly enables client-side exploitation via a malicious file opened by the user.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-5726Same product: Deltaww Asda Soft
CVE-2026-3094Same vendor: Deltaww
CVE-2025-22881Same vendor: Deltaww
CVE-2026-0975Same vendor: Deltaww
CVE-2025-22880Same vendor: Deltaww
CVE-2026-1951Same vendor: Deltaww
CVE-2026-3630Same vendor: Deltaww
CVE-2026-33491Shared CWE-121, CWE-787
CVE-2025-21163Shared CWE-121, CWE-787
CVE-2025-27168Shared CWE-121, CWE-787

Affected Assets

deltaww
asda soft
≤ 7.2.2.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly remediates the stack-based buffer overflow vulnerability in ASDA-Soft by requiring timely identification, testing, and installation of vendor patches as per the Delta security advisory.

prevent

Implements memory protection mechanisms such as stack canaries, address space layout randomization, and non-executable stacks to block exploitation of stack buffer overflows even if the flaw remains unpatched.

prevent

Validates user inputs to the ASDA-Soft application to prevent the malformed data requiring user interaction from triggering the out-of-bounds write in the stack buffer.

References